
模糊测试中的静态插桩技术 (Cited by: 1)

Static Instrumentation Techniques in Fuzzing Testing
Abstract: Fuzzing testing is a well-established method for detecting software defects. Its basic idea is to generate a large number of random inputs in order to explore program behavior extensively, then to monitor for crashes and reveal the software defects behind them. Obviously, purely random inputs cannot explore program behavior efficiently, and a large number of program defects can hardly lead to crashes. To further enhance the effectiveness of fuzzing, static instrumentation techniques are often introduced to speed up the exploration of the program state space and to improve the ability to detect defects. As a result, using static instrumentation has become a de facto practice in fuzzing today. In this paper, we focus on the instrumentation requirements in the context of fuzzing. Besides introducing the basics of static instrumentation, we systematically analyze the typical schemes of static instrumentation from two perspectives, i.e., security hardening and guidance-information collection. In addition, we investigate the challenge of execution overhead: for a comprehensive set of instrumentation schemes, we measure the execution speed of the instrumented program and compare it against the non-instrumented baseline program. Finally, based on the above analyses and measurements, we provide a preliminary outlook on optimization directions for static instrumentation.
Authors: Wang Mingzhe (王明哲), Jiang Yu (姜宇), Sun Jiaguang (孙家广); School of Software, Tsinghua University, Beijing 100084
Source: Journal of Computer Research and Development (《计算机研究与发展》), indexed in EI and CSCD, Peking University Core Journal; 2023, No. 2, pp. 262-273 (12 pages)
Funding: National Key R&D Program of China (2022YFB3104000); National Natural Science Foundation of China (62022046, 92167101, U1911401); WeBank Scholars Program (20212001829)
Keywords: static instrumentation; fuzzing testing; software defects; program analysis; overhead